GDPR compliance
QuietBlade supports customers in meeting GDPR obligations through privacy-by-design controls, transparent documentation, and auditable processes.
Roles and responsibilities
- Controller vs. Processor: Customers generally act as controllers for end‑user data; QuietBlade acts as a processor under a Data Processing Addendum (DPA).
- Records of Processing Activities (RoPA): We maintain detailed records, including categories of data, purposes, recipients, and retention.
- Principles: Lawfulness, fairness, transparency, purpose limitation, minimization, accuracy, storage limitation, integrity, and confidentiality.
Data subject rights
- Access, rectification, and erasure where applicable
- Restriction and objection to processing
- Portability of personal data
- Safeguards around automated decisions; human review available for contested outcomes
We provide tools and audit logs to assist controllers in fulfilling requests promptly and securely.
International transfers
- DPA with Standard Contractual Clauses (SCCs) where relevant
- Transfer Impact Assessments (TIAs) and supplementary measures
- Regional residency options and restrictions on subprocessor locations
Security and notifications
- Technical and organizational measures (TOMs): encryption, access controls, secure SDLC, and monitoring
- Vendor management, penetration tests, and vulnerability remediation SLAs
- Breach notification processes aligned with GDPR timelines
DPO and contact
For GDPR inquiries, contact our team at [email protected] or call +61 2 7908 4360. We aim to respond within 3 business days.